A vulnerability was recently discovered in Microsoft Windows Vector
Markup Language (VML). This issue allows an attacker to execute
malicious code through an HTML page in Internet Explorer, or in an
HTML-formatted email. Sunbelt first found and reported this exploit on
September 18, 2006, after finding samples in the wild.

The CA Security Advisor team has observed malware that uses this
vulnerability to drop a payload that includes device drivers with
rootkit-like behavior. Research is continuing, and more details will be
posted on the Security Advisor Research Blog as they become available.

On September 19, 2006, Microsoft published a security advisory at
http://www.microsoft.com/technet/security/advisory/925568.mspx
stating that a vulnerability in the Microsoft Windows implementation of
Vector Markup Language could allow remote code execution. At this time,
Microsoft is planning to release a security update on October 10, 2006
for the affected operating systems.

To protect against this exploit, unregister vgx.dll (the DLL that
contains the vulnerability) by clicking Start, then Run, and typing the
following command:

Regsvr32 /u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
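
To confirm the workaround took effect on a machine, the following PowerShell check (an added example, not part of the original advisory) looks for any COM class that still points at vgx.dll. The function name Get-VgxRegistration is hypothetical, and the script assumes that in-process COM servers are registered under HKEY_CLASSES_ROOT\CLSID\<clsid>\InprocServer32, with Wow6432Node covering 32-bit classes on 64-bit Windows.

```powershell
# Added example (not from the advisory): confirm the vgx.dll workaround took effect.
# Assumption: a registered in-process COM server appears as the default value of
# HKEY_CLASSES_ROOT\CLSID\<clsid>\InprocServer32.
function Get-VgxRegistration {
    param([string[]]$Roots = @('CLSID', 'Wow6432Node\CLSID'))

    foreach ($root in $Roots) {
        $clsidKey = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey($root)
        if (-not $clsidKey) { continue }            # e.g. no Wow6432Node on 32-bit Windows
        foreach ($name in $clsidKey.GetSubKeyNames()) {
            try {
                $inproc = $clsidKey.OpenSubKey("$name\InprocServer32")
                if (-not $inproc) { continue }
                $server = [string]$inproc.GetValue('')   # default value = server DLL path
                $inproc.Close()
            } catch [System.Security.SecurityException] {
                continue                            # key not readable by this account
            }
            # Match on the file name only, so quoted or short (8.3) paths are still caught.
            if ($server.Trim('"') -match '(^|\\)vgx\.dll$') {
                [pscustomobject]@{ Root = $root; Clsid = $name; Server = $server }
            }
        }
        $clsidKey.Close()
    }
}

# Path taken from the Regsvr32 command above.
$dll  = Join-Path $env:CommonProgramFiles 'Microsoft Shared\VGX\vgx.dll'
$hits = @(Get-VgxRegistration)

"vgx.dll present on disk: $(Test-Path -LiteralPath $dll)"
if ($hits.Count -eq 0) {
    'No COM class references vgx.dll: the workaround is in effect.'
} else {
    'vgx.dll is still registered; the workaround is NOT in effect:'
    $hits | Format-Table -AutoSize
}
```

The file remaining on disk is expected: Regsvr32 /u removes the COM registration, not the DLL itself.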